ID

VAR-200412-1218


CVE

CVE-2004-1775


TITLE

Cisco IOS/CatOS exposes read-write SNMP community string via traversal of View-based Access Control MIB (VACM) using read-only community string

Trust: 0.8

sources: CERT/CC: VU#645400

DESCRIPTION

Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. The vulnerability permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read and modify its configuration, creating a denial-of-service condition, an information leak, or both. Cisco IOS and CatOS are the network firmware developed and maintained by Cisco. The problem involves the design of the View-based Access Control MIB (VACM) used by Cisco firmware. Under some circumstances, a remote user may be able to gain access to the read-write password. This could allow an attacker to change configuration settings on the device.

Trust: 1.98

sources: NVD: CVE-2004-1775 // CERT/CC: VU#645400 // BID: 5030 // VULHUB: VHN-10205

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 12.0xm

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xi

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xl

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xk

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xh

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xf

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xj

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xn

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xe

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0xg

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.1xx

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.1xv

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.1

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.0xv

Trust: 1.3

vendor: cisco, model: catos, scope: eq, version: 6.1

Trust: 1.3

vendor: cisco, model: catos, scope: eq, version: 5.5

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.1xg

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1cx

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xe

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xr

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xh

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1ea

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xs

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1e

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0sl

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1ya

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1yb

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xz

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0db

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0sc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xt

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xy

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xs

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xw

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xp

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xd

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xr

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xw

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xu

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1ex

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1db

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xu

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1dc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xi

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1yd

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xq

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0s

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xp

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1ec

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xm

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xl

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1yc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0st

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xb

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0dc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xd

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xk

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xb

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xf

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0da

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xq

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1aa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1da

Trust: 1.0

vendor: cisco, model: -, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios 12.1yd, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1yc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1yb, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ya, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xz, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xy, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xw, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xu, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xt, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xs, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xr, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xq, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xp, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xm, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xl, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xk, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xi, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xh, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xg, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xf, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xe, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xd, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xb, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ex, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ec, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ea, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1e, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1dc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1db, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1da, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1cx, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1aa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xw, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xu, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xs, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xr, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xq, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xp, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xn, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xm, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xl, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xk, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xj, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xi, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xh, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xg, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xf, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xe, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xd, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xb, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0st, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0sl, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0sc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0dc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0db, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0da, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ey, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0wt, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0w5, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 12.0

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 11.3

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 11.2

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 11.1

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 11.0x

Trust: 0.3

sources: CERT/CC: VU#645400 // BID: 5030 // CNNVD: CNNVD-200412-907 // NVD: CVE-2004-1775

CVSS

SEVERITY

nvd@nist.gov: CVE-2004-1775
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#645400
value: 54.68

Trust: 0.8

CNNVD: CNNVD-200412-907
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10205
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2004-1775
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10205
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#645400 // VULHUB: VHN-10205 // CNNVD: CNNVD-200412-907 // NVD: CVE-2004-1775

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-907

TYPE

Design Error

Trust: 0.9

sources: BID: 5030 // CNNVD: CNNVD-200412-907

EXTERNAL IDS

db: CERT/CC, id: VU#645400

Trust: 2.5

db: BID, id: 5030

Trust: 2.0

db: NVD, id: CVE-2004-1775

Trust: 1.7

db: CNNVD, id: CNNVD-200412-907

Trust: 0.7

db: CISCO, id: 20041008 CISCO IOS SOFTWARE MULTIPLE SNMP COMMUNITY STRING VULNERABILITIES

Trust: 0.6

db: XF, id: 6179

Trust: 0.6

db: VULHUB, id: VHN-10205

Trust: 0.1

sources: CERT/CC: VU#645400 // VULHUB: VHN-10205 // BID: 5030 // CNNVD: CNNVD-200412-907 // NVD: CVE-2004-1775

REFERENCES

url:http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml

Trust: 2.8

url:http://www.securityfocus.com/bid/5030

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/645400

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6179

Trust: 1.1

url:http://www.cisco.com/warp/public/759/ipj_1-3/ipj_1-3_snmpv3_1.html

Trust: 0.8

url:http://www.electricrain.com/edavis/usm.html

Trust: 0.8

url:http://www.electricrain.com/edavis/vacm.html

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2574.txt

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2575.txt

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2576.txt

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/6179

Trust: 0.6

sources: CERT/CC: VU#645400 // VULHUB: VHN-10205 // BID: 5030 // CNNVD: CNNVD-200412-907 // NVD: CVE-2004-1775

CREDITS

This vulnerability was announced in a Cisco Security Advisory.

Trust: 0.9

sources: BID: 5030 // CNNVD: CNNVD-200412-907

SOURCES

db: CERT/CC, id: VU#645400
db: VULHUB, id: VHN-10205
db: BID, id: 5030
db: CNNVD, id: CNNVD-200412-907
db: NVD, id: CVE-2004-1775

LAST UPDATE DATE

2024-11-23T22:15:36.220000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#645400, date: 2002-03-05T00:00:00
db: VULHUB, id: VHN-10205, date: 2017-07-11T00:00:00
db: BID, id: 5030, date: 2002-06-16T00:00:00
db: CNNVD, id: CNNVD-200412-907, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-1775, date: 2024-11-20T23:51:43.010

SOURCES RELEASE DATE

db: CERT/CC, id: VU#645400, date: 2001-05-01T00:00:00
db: VULHUB, id: VHN-10205, date: 2004-12-31T00:00:00
db: BID, id: 5030, date: 2002-06-16T00:00:00
db: CNNVD, id: CNNVD-200412-907, date: 2004-12-31T00:00:00
db: NVD, id: CVE-2004-1775, date: 2004-12-31T05:00:00